USN-3664-1: Apport vulnerability
30 May 2018
Apport could be tricked into causing a denial of service or escalate privileges.
Releases
Packages
- apport - automatically generate crash reports for debugging
Details
Sander Bos discovered that Apport incorrectly handled core dumps when
certain files are missing from /proc. A local attacker could possibly use
this issue to cause a denial of service, gain root privileges, or escape
from containers.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
Ubuntu 17.10
Ubuntu 16.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-3664-2: apport-gtk, python-problem-report, apport-noui, apport-retrace, apport, apport-valgrind, apport-kde, python-apport, python3-problem-report, python3-apport, dh-apport